What is COM Surrogate (dllhost.exe) and Why It Causes High CPU?

January 19, 2023 By Norbert Webb

If you have recently opened the Task Manager on Windows, chances are you have noticed several instances of the COM Surrogate process running on your computer. For many computer users, neither the process name nor the associated filename (dllhost.exe) is self-explanatory. Naturally, this raises questions such as why the process is running and whether it could be a virus. In this article, we explain the purpose of COM Surrogate, discuss common problems and errors related to it, and show how to fix them.

What is COM SURROGATE (dllhost.exe)?

COM Surrogate is an alternative name for dllhost.exe. COM stands for Component Object Model, and it is Microsoft’s system for creating binary software objects that can interact with other objects. COM objects can be written in a variety of programming languages. The only requirement for the language is that it must allow creating structures of pointers and calling functions through pointers. Because the COM standard is applied after the program has been translated into binary machine code, it is sometimes referred to as a binary standard.

To explain the purpose of COM in simple terms, it is a technology that allows objects to interact between different processes as easily as within one process. In other words, COM provides a language-neutral way to implement objects in environments different than the one they were created in.

A good example of Component Object Model usage is a Microsoft Word document that has an embedded spreadsheet. Whenever the data in the spreadsheet is updated, it is updated in the MS Word document as well. The same spreadsheet can be reused in several documents.

Previously, if a COM object crashed, it would take down its host process. Microsoft created the COM Surrogate process to address this issue. The process hosts the COM object outside the original process that requested it, so if the COM object crashes, the original process continues running and only the COM Surrogate goes down.

As suggested by Microsoft’s Raymond Chen, the process can be used in situations where the developer doesn’t feel sure about certain code. The problem can be solved by asking COM Surrogate to host that code in another process to avoid unnecessary crashes. The COM Surrogate file name is dllhost.exe because the objects it hosts are .dll files.

How to understand which object a COM Surrogate is hosting?

Although Windows Task Manager doesn’t provide information about the specific COM objects hosted, you can check this using Microsoft’s tool named Process Explorer. Make sure you download it from the official Microsoft website and not from suspicious third-party websites. To see which objects a specific dllhost.exe process is hosting, just hover your mouse over it.

Use Process Explorer to see which COM object COM Surrogate process (dllhost.exe) is hosting
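
The same lookup can be scripted. The following PowerShell is an added example, not part of the original article or of Process Explorer. It assumes each surrogate was started by COM with the usual "/Processid:{AppID}" argument and resolves that GUID in the registry; the property names in the output object are our own.

```powershell
# Added example: list every running dllhost.exe and resolve the COM
# application it hosts from its command line.
# Assumption: the surrogate was launched as "dllhost.exe /Processid:{AppID}".
# Run from an elevated PowerShell so CommandLine is readable for all sessions.

$guidPattern = '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})'

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $appId = $null; $appName = $null; $server = $null

    if ($_.CommandLine -match $guidPattern) {
        $appId = $Matches[1]

        # AppID registration: the default value is the friendly application name.
        $appKey = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
        if (Test-Path -LiteralPath $appKey) {
            $appName = (Get-Item -LiteralPath $appKey).GetValue('')
        }

        # Many surrogate-hosted classes reuse their CLSID as the AppID; when that
        # holds, InprocServer32 names the DLL loaded into the surrogate.
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$appId\InprocServer32"
        if (Test-Path -LiteralPath $clsKey) {
            $server = (Get-Item -LiteralPath $clsKey).GetValue('')
        }
    }

    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        ParentPid   = $_.ParentProcessId
        AppID       = $appId
        Application = $appName
        HostedDll   = $server
        CommandLine = $_.CommandLine
    }
} | Format-List
```

A dllhost.exe instance with no /Processid argument, or with a GUID that has no AppID registration, is the one worth a closer look in Process Explorer.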

Is COM Surrogate a virus?

COM Surrogate can, in fact, be a virus, because cybercriminals often try to disguise malicious processes under the names of legitimate Windows processes in order to avoid drawing the user’s attention to them. However, we will explain how you can figure out whether the instances of this process running on your computer are genuine or associated with malware.

Damage that COM Surrogate virus can cause

There are several examples of computer viruses that use the dllhost.exe process to deliver payloads. Names of these malware variants are Poweliks, Artemis, Kovter, Sirefef.A, although there may be more Trojans/rootkits misusing the dllhost.exe process.

The majority of these malware variants are considered fileless infections, since they run without any file of their own and instead inject themselves into legitimate processes like dllhost.exe.

These threats can disable security software, contact remote hosts and download additional malware onto the system, carry out tasks according to the remote attacker’s needs, or perform click fraud.

Identify COM Surrogate virus easily

If you suspect that you have a COM Surrogate virus running on your computer, which often causes High CPU (100% disk) in Task Manager, we recommend checking its origins. One of the quickest ways to check whether you’re dealing with the real or fake dllhost.exe is to check its file location. Here’s how to do it:

  1. Open Windows Task Manager by pressing CTRL+ALT+DEL and then click Task Manager.
  2. Here, press the C button repeatedly until you find COM Surrogate (it is a fast way to search by the first letter). Right-click the process and choose the Open File Location option. TIP: You may need to check several processes, in case you see more than one COM Surrogate running on your PC.
  3. Check if the process-associated file is located in C:\Windows\System32 or C:\winnt\system32. This indicates that you are dealing with the genuine process. If the file is located anywhere else, you might be dealing with a virus.
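
The location check above can be run against all instances at once. This PowerShell is an added example, not from the original article. It goes slightly beyond the steps above by also accepting the 32-bit copy in SysWOW64 and by reporting the file's Authenticode status; the verdict strings are our own. A clean result only covers impostor files, because fileless malware injected into the genuine dllhost.exe runs from the expected path.

```powershell
# Added example: check where each running dllhost.exe was started from.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\dllhost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')   # 32-bit copy on 64-bit Windows (added assumption)
)

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $path   = $_.ExecutablePath   # empty when the caller lacks rights to query the process
    $status = 'Unknown'
    $signer = $null

    if ($path) {
        # System files are usually catalog-signed; older PowerShell versions may
        # report them as NotSigned, so treat a non-valid status as "review".
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    # String comparison in PowerShell is case-insensitive, which matches NTFS paths.
    $verdict = if (-not $path) {
        'Path not readable: rerun elevated'
    } elseif ($expected -notcontains $path) {
        'SUSPICIOUS: unexpected location'
    } elseif ($status -ne 'Valid') {
        'REVIEW: signature not valid'
    } else {
        'Expected location, valid signature'
    }

    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Path      = $path
        Signature = $status
        Signer    = $signer
        Verdict   = $verdict
    }
} | Format-Table -AutoSize -Wrap
```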

One way or another, the only way to be sure whether it is safe or malicious is to boot the computer in Safe Mode and run your antivirus software. It will use a signature-based or machine-learning detection model to identify whether the COM Surrogate virus is real or not. Our team recommends using INTEGO Antivirus for malware detection and removal.

How to avoid malware infections

In order to prevent fileless computer infections that might try to hijack legitimate processes like dllhost.exe, we suggest reading these recommendations:

  • Keep your PC protected with an antivirus that has real-time protection feature.
  • Do not download cracked software and other illegal content from online resources.
  • Keep your operating system and installed software up-to-date (do not delay pending updates).
  • Be careful when checking your email – do not open links or attachments sent by untrustworthy parties.
  • Use strong passwords for RDP.

Common errors related to legitimate COM Surrogate process

People often worry about high disk usage caused by this process. However, just like Microsoft Compatibility Telemetry or other processes, it might use a lot of RAM due to certain issues. We suggest running a quick free scan with RESTORO to identify troublesome programs and malware-related issues on the system.

Do not stop or disable the legitimate dllhost.exe process

You cannot stop, disable or delete the COM Surrogate file because it is an essential part of the Windows operating system. To be precise, it is responsible for the smooth operation of COM objects and the prevention of Windows Explorer crashes. These processes can be used by a variety of programs (you may see several of them in Windows Task Manager) to complete certain tasks outside the host process.

However, some users might feel the urge to disable the process due to certain problems caused by the process. In the majority of cases, the process will simply restart itself automatically. However, if you suspect that there is a serious or persistent problem with dllhost.exe, you may want to look deeper into it.

Typical COM SURROGATE issues

Although the original DLLHOST.EXE process is safe and legitimate, there are some issues related to it that cause regular headaches for Windows users. Some of the most common problems and errors related to it are:

COM Surrogate High CPU (high memory usage problem)

High CPU caused by the process can seriously slow down the computer system.

Many computer users report seeing increased RAM usage by the said process. COM Surrogate high CPU might be caused by a malware attack, corrupted files or outdated codecs. One way or another, you shouldn’t ignore this problem and should take action to fix it immediately.

COM Surrogate has stopped working

The process may stop working due to various reasons.

The said error typically occurs while browsing media files – videos or pictures stored on a computer. Typical issues causing the error are outdated drivers, false positive antivirus interruption, or disk errors.

COM Surrogate keeps popping up

Users on various Internet forums often discuss yet another persistent annoyance related to DLLHOST.exe. They report that COM Surrogate pops up and disappears, or minimizes other programs for them. It typically happens every 5 or 10 minutes. There are several known fixes for this error, including disk error checking or updating codecs.

COM Surrogate asking for password

Windows Security prompt associated with the process asks for email password.

Some users have reported an issue where a Windows Security prompt associated with COM Surrogate asks for an email password. It can happen after manually shutting down the process. The first thing you should try if you’re dealing with this issue is to perform a clean boot and see if you’re getting the prompt there. If you do not get the issue while in Safe Mode, it means that the issue is related to some third-party program. Otherwise, the issue might be related to an outdated system version, software installed in the wrong bit version, or another issue.

Methods to Fix COM Surrogate Errors

Method 1. Reset Internet Explorer

  1. Open Run prompt by pressing down Windows key + R. Then, type inetcpl.cpl and press Enter.
  2. Internet Properties window will appear. Go to Advanced tab and press Reset… button.
  3. In the next window, confirm your choice by pressing Reset again.
  4. Once the settings are reset, close the windows and restart your computer.

Method 2. Re-register DLLs

This method re-registers DLLs and thus can help to solve the issue with dllhost.exe. It is worth trying it.

  1. In Windows search, type Command Prompt. Right-click the matching result and choose Run as administrator.
  2. In UAC prompt, press Yes.
  3. In Command Prompt, type the following command: regsvr32 vbscript.dll and press Enter. You will see a notification stating “DLLRegisterServer in vbscript.dll succeeded.”
  4. Now, type regsvr32 jscript.dll and press Enter. You will see a notification stating “DLLRegisterServer in jscript.dll succeeded.”
  5. Restart your computer.

Method 3. Rollback Display Driver

Another commonly discussed method that helps to fix the “COM Surrogate has stopped working” error is rolling back your display driver. Here’s how to do it:

  1. Launch Run prompt: press Windows key + R at the same time. Now, type hdwwiz.cpl and hit Enter.
  2. Expand the Display adapters section by double-clicking it. Then right-click on your display adapter and choose the Properties option.
  3. Here, click on the Roll back driver button and follow the on-screen directions.
  4. Restart your computer.

Method 4. Run sfc /scannow

SFC, short for System File Checker, is a Windows utility for scanning, detecting and repairing Windows system files. It can help you to solve various Windows issues, and might come in handy when dealing with COM Surrogate issues.

  1. In Windows search, type Command Prompt, then right-click the matching result and choose Run as administrator.
  2. Now, type sfc /scannow and press Enter. Wait until the scan is completed.

Method 5. Run Deployment Image Servicing and Management tool (DISM)

  1. In Windows search, type Command Prompt, then right-click the matching result and choose Run as administrator.
  2. Copy the following command and paste it into Command Prompt window, then press Enter:
    DISM.exe /Online /Cleanup-image /Restorehealth
  3. Restart your computer.

Method 6. Run a scan with antivirus software

To rule out the possibility that the process is hijacked by fileless malware, consider running a scan with a trustworthy antivirus. Our team recommends and trusts INTEGO Antivirus, although you can choose whichever AV brand you prefer.

We hope that this guide has provided a clear explanation of what COM Surrogate is and why it may cause high memory usage. If you have further questions or suggestions, do not hesitate to share them in the comments section below.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.

Filed Under: Tutorials Tagged With: COM Surrogate

Copyright © 2023 Geeksadvice.com. Any unauthorized copying, redistribution or reproduction of part or all of the site contents in any form is prohibited.
